A massive breach affecting millions of federal workers looks like the handiwork of a nation state, with China as the likely candidate, lawmakers and government officials indicated Thursday, drawing calls for swift retaliation. But a larger question looms. Are the federal government systems punched so full of security holes that they can't adequately protect sensitive information?
“I have to think that it must appear to threat actors all over the globe that the U.S. government's IT systems are full of holes, like Swiss cheese, and the response from the U.S. is to play whack-a-mole every time, in a valiant attempt to close each hole,” Andy Hayter, security evangelist for G DATA, said in a statement sent to SCMagazine.com about the breach at the Office of Personnel Management (OPM), which may have compromised the information of four million current and former federal employees. “With all of these attacks, it's likely that each one is arming cyber criminals with exactly what they need and want to execute another one, and the vicious cycle continues.”
Hayter noted that every breach of a federal agency “spells out our vulnerabilities loud and clear to our adversaries, letting them know there are many more opportunities for them to hack our systems and networks over and over again.”
It seems they're getting the message. In recent months, attackers have certainly seized those apparent opportunities. “Activity of concern” detected at the State Department turned out to be the result of intruders in the agency's non-classified systems. It took months and months for the department to shake them out, with limited success.
The same attackers, who appear to be part of the CozyDuke Advanced Persistent Threat (APT) group, by then had moved on to hack into the White House's unclassified systems. And Tuesday, IRS Commissioner John Koskinen defended his agency's security posture in testimony before two Senate committees, attributing a breach of its system through the exploitation of the now-disabled “Get Transcript” application, in part, to budget cuts.
The FBI is investigating the latest incursion into government systems, which OPM believes started in May and was detected by the Department of Homeland Security's intrusion detection system, known as EINSTEIN.
An “aggressive effort to update its cybersecurity posture” over the past year apparently came too late for the agency, which said in a release that the breach occurred before the government fully deployed its new tools.